RCMP helps disrupt Russian-linked cybercrime group, issues warning to WordPress users

A major international law enforcement effort, dubbed 'Operation Endgame,' spearheaded in part by the RCMP, has dealt a significant blow to the Russian-linked cybercrime group known as Evil Corp. This week, the concerted action successfully disrupted the SocGholish malware network, which has infected thousands of WordPress sites and computers globally since 2017 by masquerading as legitimate software updates. The operation saw the takedown of 106 servers and domains worldwide, alongside the remediation of nearly 15,000 compromised WordPress websites, marking a critical victory against a persistent threat to digital infrastructure and user data.

The stakes couldn't be higher as state-linked cybercrime continues its relentless assault on critical sectors, from education and government to vital infrastructure. Evil Corp, notorious for previous malware attacks like Zeus and Dridex, has long been a cornerstone of the cybercrime-as-a-service economy, enabling ransomware campaigns and espionage, and has been linked to Russian intelligence. The group exploited vulnerabilities in WordPress sites to spread SocGholish, which then acts as an initial access point for further malicious activities, underscoring the interconnectedness of global digital security and geopolitical tensions.

Looking ahead, while Operation Endgame has provided a crucial disruption, the battle against sophisticated cyber threats is far from over. Authorities are urgently advising WordPress users to bolster their security immediately by changing login credentials, enabling multi-factor authentication, and deleting unused accounts to prevent reinfection. The ongoing challenge for law enforcement and cybersecurity professionals will be to maintain this momentum, continuously adapt to evolving tactics, and strengthen international partnerships to dismantle resilient criminal networks that leverage digital infrastructure for state-aligned objectives.